commit 5a26f3000d945d1e770925a257132102d1c5fa53
author Jerry Yu <jerry.h.yu@arm.com> Tue May 10 20:46:40 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Thu May 12 14:44:59 2022 +0800
tree 217ea674db83b5ed9da39e2bf71d45ccd42c8d51
parent c450566b8538c748abc6d09b73dd74fff4995f2e

Refactor cert exchange states

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_server.c

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index db6cbb6..693e451 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1376,7 +1376,6 @@
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
     return( ret );
 }
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 /*
  * Handler for MBEDTLS_SSL_HELLO_RETRY_REQUEST
@@ -1448,14 +1447,17 @@
  */
 static int ssl_tls13_write_server_certificate( mbedtls_ssl_context *ssl )
 {
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    int ret;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     if( mbedtls_ssl_own_cert( ssl ) == NULL )
+    {
+        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
+                                      MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
         return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    }
+
     ret = mbedtls_ssl_tls13_write_certificate( ssl );
     if( ret != 0 )
         return( ret );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY );
     return( 0 );
 }
@@ -1465,14 +1467,13 @@
  */
 static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
 {
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
     int ret = mbedtls_ssl_tls13_write_certificate_verify( ssl );
     if( ret != 0 )
         return( ret );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
     mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
     return( 0 );
 }
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 /*
  * TLS 1.3 State Machine -- server side
@@ -1528,7 +1529,6 @@
         case MBEDTLS_SSL_CERTIFICATE_REQUEST:
             ret = ssl_tls13_write_certificate_request( ssl );
             break;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
         case MBEDTLS_SSL_SERVER_CERTIFICATE:
             ret = ssl_tls13_write_server_certificate( ssl );
@@ -1537,6 +1537,7 @@
         case MBEDTLS_SSL_CERTIFICATE_VERIFY:
             ret = ssl_tls13_write_certificate_verify( ssl );
             break;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );